<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:th="http://www.thymeleaf.org"
      xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
<head>
    <meta charset="UTF-8"/>
    <title>admin</title>
</head>
<body>
<h1 th:text="|标题: ${title}|">Title : XXX</h1>
<h1 th:text="|信息: ${message}|">Message : XXX</h1>
<h2 sec:authorize="hasRole('ROLE_ADMIN')"><a href="javascript:formSubmit()">Logout</a></h2>
<div sec:authorize="hasRole('ROLE_DBA')">
   DBA才能看到
</div>
<!-- csrf for logout-->
<form action="/logout" method="post" id="logoutForm">
    <input type="hidden" th:name="${_csrf.parameterName}" th:value="${_csrf.token}" />
</form>
<script>
    function formSubmit() {
        document.getElementById("logoutForm").submit();
    }
</script>
</body>
</html>